1. Field of the Invention
The present invention relates generally to a system and method for controlling access to system resources in hardware, most particularly in a system including a processor, memory, and devices, but including neither a processor memory management unit (PMMU) nor an input/output memory management unit (IOMMU).
2. Description of the Related Art
Generally, user process-level protection in CPU-based hardware systems such as computer systems and embedded controller systems is supplied by a system memory management unit (MMU). The MMU in a conventional system performs several functions including address translation from virtual to physical addresses, and remapping and realigning of noncontiguous physical address segments into contiguous virtual addresses. The MMU of a conventional system also controls access to system hardware resources using protection checks built into MMU logic. This access control prevents one user-level process from writing into physical memory pages assigned to another process, reading from the physical memory pages or executing from the physical memory pages. The access control functionality of the MMU of a conventional system also supplies address mapping to input/output devices under control of an operating system such that a user process with no mapping to the input/output device does not even detect that the input/output device is present in the system.
Unfortunately memory address protection is compromised in systems that do not include memory management unit hardware and in systems that do include a memory management unit but employ an operating system that does not exploit the protection capabilities of the MMU. User-level resource protection is difficult to achieve in a system that does not include or fails to exploit MMU hardware. In some real-time embedded systems, the memory management unit (MMU) may not be used due to the overhead of managing virtual memory. In a system that does not exploit the MMU, either an entire application executes in a single kernel context or multiple user-level contexts trap into a single kernel context for device access.
A system that runs the Java™ Virtual Machine (JVM) is an example of a system that does not use an MMU but operates in an environment that generally demands resource protection. The Java™ Virtual Machine (JVM) is available from Sun Microsystems, Inc. and supports a multi-threaded environment for the Java™ programming language (also available from Sun Microsystems, Inc). Java, SpecJava, Sun, Sun Microsystems and the Sun Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
The JVM allows multiple tasks to execute within a common address space in a well-defined and secure environment. Resource protection is highly advantageous in the JVM environment since, although JVM supports multi-tasking, many applications run multiple instances of the JVM with each instance generally using resources independently of the other instances but concurrently with the execution of the other instances.
The JVM may be used with an operating system or without an operating system. For example, in a workstation or computer environment running the Unix operating system that supports multiple user processes, many instances of JVM execute concurrently with the Unix operating system supplying access control to resources. However in other systems, such as embedded controllers or systems executing on a processor with no memory management unit (MMU), access control to input/output devices is not ensured even when the underlying operating system supplies independent sections of memory address space for execution of each process. In such systems, access control is typically achieved only indirectly by an application. Direct user-level access control of system devices is not available in hardware.
Resource protection is difficult or impossible to achieve efficiently in a conventional JVM system with no MMU support since such protection is only implemented using software-based techniques executing inside the operating system that hosts the JVM. Such software-based protection entails a heavy overhead burden. One example of a technique for indirectly controlling access is the issuance of a system call by a process that directs a kernel to access the input/output device on behalf of the operating system.
What is needed is a system and technique for controlling process level access to devices such as memory and input/output (I/O) devices from user space in the absence of a memory management unit (MMU) and when the MMU access control functionality is not exploited.